CVE-2015-4625

Priority
Description
Integer overflow in the authentication_agent_new_cookie function in
PolicyKit (aka polkit) before 0.113 allows local users to gain privileges
by creating a large number of connections, which triggers the issuance of a
duplicate cookie value.
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):needed
Trusty/esm:released (0.105-4ubuntu3.14.04.2)
Ubuntu 16.04 LTS (Xenial Xerus):released (0.105-11ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver):released (0.105-11ubuntu1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (0.105-11ubuntu1)
Ubuntu 19.04 (Disco Dingo):released (0.105-11ubuntu1)
Ubuntu 19.10 (Eoan):released (0.105-11ubuntu1)
Patches:
Upstream:http://cgit.freedesktop.org/polkit/commit/?id=ea544ffc18405237ccd95d28d7f45afef49aca17
Upstream:http://cgit.freedesktop.org/polkit/commit/?id=493aa5dc1d278ab9097110c1262f5229bbaf1766
Upstream:http://cgit.freedesktop.org/polkit/commit/?id=fb5076b7c05d01a532d593a4079a29cf2d63a228
More Information

Updated: 2019-04-26 14:15:18 UTC (commit 30899e40836d26e1bb5f0b072d31fd87b6cf3bd4)